Miguel Falé

**Name of the Vulnerable Software and Affected Versions** Esri Portal for ArcGIS versions 10.8.1 through 10.8.1 – 1121 **Description** The issue is a stored Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, potentially executing arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. **Recommendations** For Esri Portal for ArcGIS versions 10.8.1 through 10.8.1 – 1121, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Synopsys Seeker versions prior to 2023.12.0 **Description** The issue is a stored cross-site scripting vulnerability that can be exploited through a specially crafted payload. **Recommendations** For versions prior to 2023.12.0, update to version 2023.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable components until the update can be applied.